4 thoughts on “Who’s next?”

Yup, although herding might be a better term. Intrusion detection is one of the set of best practices. As the market for security hots up, and as buyers realise that just working the list of best practices no longer seems good enough, an attractive option is to hand the whole business over to one supplier that does the lot. And picks up the liability; it is far easier to blame IBM for a security problem if they have the whole portfolio.
As nobody really has an answer on how to do it, there is a tendency to promote full & best practices — everything on the same list as everyone else. That means a largish company with a household brandname, see RSASecurity’s purchases over the last year, and also Verisign’s. Also, those companies that were in difficult areas need to migrate themselves and their customers.

“an attractive option is to hand the whole business over to one supplier that does the lot. And picks up the liability; it is far easier to blame IBM for a security problem if they have the whole portfolio.”
Yes and no.
In the situation where a company outsources both their operations and MSS to one provider (such as IBM), it certainly becomes easier to blame that provider for security issues.
But is your goal to have “one throat to choke”, or is it to achieve security?
A situation where the outsourcer also monitors the security of that environment creates a perverse incentive for the outsource MSS unit not to report on security problems that were most likely caused by the outsource operational unit of the same company!. Why would they shoot themselves in the foot?
I write with very recent experience of this exact scenario. That’s why I think this move by IBM is fatally flawed.